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CODE 
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MAIL STOP AF - PATENTS 

Commissioner for Patents 
P.O. Box 1450 
Alexandria, VA 223 1 3-1450 

Sir: 

Pursuant to the Pre- Appeal Brief Conference Pilot Program, and further to the 
Examiner's Final Office Action dated March 30, 2007, and Advisory Action dated August 13, 
2007, Applicant files this Pre-Appeal Brief Request for Review. This Request is also 
accompanied by the filing of a Notice of Appeal. 

Applicant turns now to the rejections at issue, starting with a summary of the claimed 
invention and cited art. The claimed invention relates to protecting computers from hostile code, 
by controlling operations on the computer irrespective of the rights of the operator. The claimed 
invention assigns each object and process to a trust group, assigns each object to an object type, 
and defines a plurality of operation types. Each trust group is characterized by a trust group 
value and pointers to FromLower and ToLower rules lists. The rules lists include action rules, 
each of which listing a combination of Operation type, an object type, and an action (example of 
action are given as open, read, write, etc., see, Paragraph [0084]). When a process requests 



PAGE 319 * RCVD AT 9124/2007 2:39:06 PM [Eastern Daylight Time] ' SVR:USPT0-EFXRF-3/1 ' DNIS:2738300 ' CSID:65062581 10 • DURATION (mm-ss):0246 



09/24/2007 11:41 6506258110 



SUGHRUE MION 



PAGE 04/09 



access to an object, the trust group value of the process and object are checked to select a pointer 
to the proper rules list, and then determine the appropriate rule from that rules list to apply to that 
request 

The primary reference, Keronen, relates to preventing disclosure of protected information 
(see Title). For each entity on the computer, Keronen assigns a trusted/untrusted indicator, a 
clean/exposed to protected information indicator, and a public/protected indicator (cl. 5, Ln. 26- 
32) . According to Keronen, trusted entities may freely exchange information, while untrusted 
entities may exchange information under restrictions (Cl. 5, Ln. 37-43). Keronen further 
discloses that once an untrusted entity is exposed to protected information it cannot freely 
disclose that information (Cl. 6, Ln. 10-21). Disclosure, per Keronen, includes transmission over 
Internet, printing, and displaying on monitor (Cl. 6, Ln. 13-1 8). 

The secondary reference, Edwards, relates to managing dynamic decision trees in data 
packet switch (Title, Abstract). Edwards describes a manner to modify a decision tree in a 
switch, without causing disruption or delay to the switch operation (Cl 1, Ln. 55-62). Edwards 
describes lookup units that receive packets, read instructions from the decision tree, and execute 
the instructions (Cl. 3 , Ln. 1 1 - 1 8). Edwards discloses certain types of instructions, such as 
branch, action, and others (Cl. 3, Ln. 24-39). The instructions include rules that may be used to 
create and modify decision trees, each rule having a set of conditions and a set of actions (Col. 3, 
Ln. 40-45). 

As can be understood from the above, other than the use of rules, Edwards has nothing to 
do with the claimed invention and/or with the primary reference Keronen. But for the 
Examiner's torturous interpretation of the Edwards' disclosure, this reference should be 
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summarily dismissed from this case. Moreover, Applicant respectfully submits mat Keronen 
differs significantly from the claimed invention and fails to disclose or suggest the recited 
limitations of the independent claims. 

Turning to the particulars of the pending rejection, with regards to Claim 1, the Examiner 
foiled to indicate where in Keronen the following limitation is disclosed: 

defining at least two trust groups, each of the defined trust groups being characterized by 
a trust group value, a FrnmLower rules list pointer, and a Tolower rules list pointer 
Specifically, the Examiner points to Keronen as teaching the partial limitation of defining 
trust groups, but stops short of the complete limitation as recited in the claim. This omission is 
understandable, as indeed nowhere does Keronen teach or suggest the feature of trust groups 
characterized by a trust group value, a FromLower rules list pointer, and a ToLower rules list 
pointer. Rather, Keronen only teaches the binary concept of trusted/untrusted, which is well 
known in the art. Realizing this deficiency, the Examiner alleges that it would have been 
obvious to incorporate the node pointers of the decision tree of Edwards into the 
trusted/untrusted definition of Keronen, so as to come up with the claimed limitation. Clearly, 
Keronen contemplates a binary definition of trusted/untrusted and does not as much a hint about 
the need for any other definition. Furthermore, the idea of mcorporating a decision tree pointer 
into the trusted/untrusted definition of Keronen has no basis m reality. Keronen's entire system 
is based on the binary decision trusted/untrusted, and inserting pointers to decision tree nodes is 
meaningless in such a system, as Keronen does not define rules to which such pointers would 
point to. 
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The Examiner further alleges that Keronen discloses the limitation defining a plurality of 
action rules. However, as with the previous limitation, the Examiner fails short of addressing the 
complete limitation. The entire limitation states: 

defining a plurality of action rules, each of the action rules corresponding to at least one 
of the FromLoyver or Tolower rules list pointers, each of the action rules listing a combination 
of an operation type from the plurality of operation types; an action; and object type; 

This limitation defines an intricate relationship between the action rules and the list 
pointer, and explains the constitution of each rule. Rather than properly addressing this 
limitation for what it clearly states, the Examiner picks it apart and refers to four figures and 
about two columns of Keronen as providing a teaching of this limitation. In the cited passages, 
Keronen explains how an entity is marked once it is exposed to protected information, and how 
then the untrusted entity is prevented . from revealing this protected information. In the cited 
passages Keronen does not teach defining a plurality of rules, let alone rules that tist 
combinations of operation type, object type, and action. Moreover, since Keronen does not teach 
defining a plurality of action rules, it is not clear how one is to make the leap into having the 
decision tree pointers of Edwards operate to point to the undefined rules, as suggested by the 
Examiner. 

The Examiner points to Col. 5, Ln. 46 to Col. 6, Ln. 21 as teaching the "when the trust 
group value of the trust group of the process is higher. . .** limitation. As noted above, in this 
passage Keronen explain how an untrusted entity that has been exposed to protected information 
is marked as "exposed" and is then prevented from revealing that information. There is no 
disclosure in the cited passage of inspecting rules corresponding to the ToLower pointer-to 
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obtain the proper action. Rather Keronen simply and in a straight fashion marks the entity as 
exposed and prevents it from exposing the information. In a similar fashion, the Examiner 
asserts that Col. 6, line 66 to Col. 7, Ln. 24, discloses the "when the trust group value of the trust 
group of the process is smaller. . limitation. In this cited passage Keronen teaches how an 
entity is marked as exposed due to a write operation. Nothing in this cited passage relates to list 
of rules that related to the claimed pointers and provides combinations of operation type, object 
type, and action. 

To sunmiarize, the office action fails to follow the mandate of taking the claim "as a 
whole" and apply the art to the claimed invention. Rather, extreme efforts have been made to 
take various passages of the cited art and make them fit onto partial clauses of the claims. At 
least for these reasons, Applicant respectfully submits that all of the pending claims are 
allowable over the cited art. 
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